ISSN : 1796-2056
Volume : 3    Issue : 8    Date : November 2008

Substantiating Timing and Behavioral Anomalies in Wireless LANs Using GCL
Elankayer Sithirasenan and Vallipuram Muthukkumarasamy
Page(s): 2-15

With the increasing dependence on wireless LANs (WLANs), businesses, educational institutions
and other organizations are in need of a reliable security mechanism. The latest security protocol,
IEEE 802.11i, assures rigid security for WLANs with the support of the IEEE 802.1x protocol for
authentication, authorization and key distribution. Nevertheless, fresh security threats often
emerge to defeat these new defense mechanisms. Further, many organizations, relying on superficial
vendor literature, believe their wireless security is sufficient to prevent any unauthorized
access. Faced with wide-ranging options for security configuration, users are left in deep
uncertainty. This volatile state of affairs has prevented many organizations from fully deploying
WLANs for their secure communication needs, though WLANs may be cost-effective and flexible. In
this paper, we present a novel mechanism to detect and substantiate anomalies caused by both
known and unknown security threats in WLANs. We monitor the wireless environment for timing
and/or behavior anomalies during the security association process and use outlier-based data
association approaches to substantiate their legitimacy. The proposed concept was tested on our
experimental setup. The results obtained from wireless hosts configured for EAP-LEAP, PEAP and
TLS security association show high confidence for EAP group events.

Index Terms
anomaly detection, intrusion detection, wireless security, group outliers, IEEE 802.11, security threat